GLIBC GHOST :: glibc vulnerability (CVE-2015-0235)

Recently, an another vulnerability found in “Glibc” under CVE-2015-0235. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application.

Why the name GHOST?

It’s not a GHOST 🙂 GHOST is a ‘buffer overflow’ bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library.

Solution:

Update the Glibc version by using YUM. Here is the command:

yum update glibc 

Updated versions:
For CloudLinux 5 : glibc-2.5-123.el5_11.1
For CloudLinux 6 : glibc-2.12-1.149.el6_6.5

Then restart the services which using this funtions.

Exim, Apache, LiteSpeed, Nginx, cPanel, PostgreSQL, OpenSSH, Postfix/sendmail etc

Or reboot the server.

That’s it!!

Post navigation

Arunlal A

Senior System Developer at Zeta. Linux lover. Traveller. Let's connect! Whether you're a seasoned DevOps pro or just starting your journey, I'm always eager to engage with like-minded individuals. Follow my blog for regular updates, connect on social media, and let's embark on this DevOps adventure together! Happy coding and deploying!

Leave a Reply

Your email address will not be published. Required fields are marked *